Event owner decides on authenticator. 
Supplies deadline, security properties, 
password, admin, info. 



202 



Authenticator generates public and 
private encryption keys Kpub and Kpriv 



204 



Authenticator creates event identifier 
EID encoding Authenticator host name & 
port, unique event number, security 
properties. 



Authenticator records EID, Kpub, Kpriv 
in its private database and publishes EID 
and Kpub 



208 



Event owner publicizes EID and Kpub in 




announcement of event 


210 



Client side submission software for upload 
proxy technique make available to clients 



212 



FIG. 3 



200 



Client-side submission software 
generates a unique identifier for its data 
T (as by using a one-way hash function 
to produce h(T). 



302 



Based on the EID, h(T) and the client's 
email address (usually the email address 
of the user of the client) are sent to the 
authenticator 



304 



Authenticator time-stamps the received 
message from the client with a time 
stamp a. 



306 



308 



Authenticator concatenates h(T) with o and 
encrypts with private key of event Kpriv. Sends e 
= Kpriv (h(T), a), upload ticket to client. Sends 
list of upload proxy servers. Stores info. 



Client inspects e to make sure it was 
generated by Authenticator 



Client-side software generates session 
key Kses, concatenates Kses with e and 
encrypts it with Kpub 



312 



Client sends EID, Kses(T), and Kpub(Kses, 
£ ) to an upload proxy server which sends a 
receipt to the client 



FIG. 4 
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Upload proxy server sends receipt to the 
destination server 




r 


Destination server re 
the identity of the sei 
server 


cords the receipt and 
iding upload proxy 



402 



404 



Destination server retrieves (downloads) 
the data stored in the upload proxy 
servers 



406 



408 



Destination server uses the event private key 
Kpriv to decrypt the submissions and obtain T and 
upload ticket e 



Destination server uses its private key 
Kpriv to recompute upload ticket £ and 
insure that T and a have not been altered 



In response to message from destination 
server that data was successfully 
downloaded from upload proxy server, the 
upload proxy server can delete the data 



410 



412 



FIG. 6 
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